Total
2650 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-39147 | 1 Webkul | 1 Uvdesk | 2024-11-21 | N/A | 7.8 HIGH |
| An arbitrary file upload vulnerability in Uvdesk 1.1.3 allows attackers to execute arbitrary code via uploading a crafted image file. | |||||
| CVE-2023-39115 | 1 Campcodes | 1 Complete Online Matrimonial Website System Script | 2024-11-21 | N/A | 9.8 CRITICAL |
| install/aiz-uploader/upload in Campcodes Online Matrimonial Website System Script 3.3 allows XSS via a crafted SVG document. | |||||
| CVE-2023-38947 | 1 Wbce | 1 Wbce Cms | 2024-11-21 | N/A | 7.2 HIGH |
| An arbitrary file upload vulnerability in the /languages/install.php component of WBCE CMS v1.6.1 allows attackers to execute arbitrary code via a crafted PHP file. | |||||
| CVE-2023-38915 | 1 Wolf18 | 1 Easyadmin8 | 2024-11-21 | N/A | 9.8 CRITICAL |
| File Upload vulnerability in Wolf-leo EasyAdmin8 v.1.0 allows a remote attacker to execute arbtirary code via the upload type function. | |||||
| CVE-2023-38887 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-11-21 | N/A | 8.8 HIGH |
| File Upload vulnerability in Dolibarr ERP CRM v.17.0.1 and before allows a remote attacker to execute arbitrary code and obtain sensitive information via the extension filtering and renaming functions. | |||||
| CVE-2023-38874 | 1 Economizzer | 1 Economizzer | 2024-11-21 | N/A | 8.8 HIGH |
| A remote code execution (RCE) vulnerability via an insecure file upload exists in gugoan's Economizzer v.0.9-beta1 and commit 3730880 (April 2023). A malicious attacker can upload a PHP web shell as an attachment when adding a new cash book entry. Afterwards, the attacker may visit the web shell and execute arbitrary commands. | |||||
| CVE-2023-38836 | 1 Boidcms | 1 Boidcms | 2024-11-21 | N/A | 8.8 HIGH |
| File Upload vulnerability in BoidCMS v.2.0.0 allows a remote attacker to execute arbitrary code by adding a GIF header to bypass MIME type checks. | |||||
| CVE-2023-38404 | 1 Veritas | 1 Infoscale Operations Manager | 2024-11-21 | N/A | 7.2 HIGH |
| The XPRTLD web application in Veritas InfoScale Operations Manager (VIOM) before 8.0.0.410 allows an authenticated attacker to upload all types of files to the server. An authenticated attacker can then execute the malicious file to perform command execution on the remote server. | |||||
| CVE-2023-38388 | 2024-11-21 | N/A | 9.0 CRITICAL | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in Artbees JupiterX Core.This issue affects JupiterX Core: from n/a through 3.3.5. | |||||
| CVE-2023-38330 | 1 Oxid-esales | 1 Eshop | 2024-11-21 | N/A | 5.3 MEDIUM |
| OXID eShop Enterprise Edition 6.5.0 – 6.5.2 before 6.5.3 allows uploading files with modified headers in the administration area. An attacker can upload a file with a modified header to create a HTTP Response Splitting attack. | |||||
| CVE-2023-38098 | 2024-11-21 | N/A | 8.8 HIGH | ||
| NETGEAR ProSAFE Network Management System UpLoadServlet Unrestricted File Upload Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the UpLoadServlet class. The issue results from the lack of proper validation of user-supplied data, which can allow the upload of arbitrary files. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-19720. | |||||
| CVE-2023-38095 | 2024-11-21 | N/A | 8.8 HIGH | ||
| NETGEAR ProSAFE Network Management System MFileUploadController Unrestricted File Upload Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the MFileUploadController class. The issue results from the lack of proper validation of user-supplied data, which can allow the upload of arbitrary files. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-19717. | |||||
| CVE-2023-38029 | 1 Saho | 4 Adm-100, Adm-100 Firmware, Adm-100fp and 1 more | 2024-11-21 | N/A | 9.8 CRITICAL |
| Saho’s attendance devices ADM100 and ADM-100FP has insufficient filtering for special characters and file type within their file uploading function. A unauthenticate remote attacker authenticated can upload and execute arbitrary files to perform arbitrary system commands or disrupt service. | |||||
| CVE-2023-37839 | 1 Dedecms | 1 Dedecms | 2024-11-21 | N/A | 9.8 CRITICAL |
| An arbitrary file upload vulnerability in /dede/file_manage_control.php of DedeCMS v5.7.109 allows attackers to execute arbitrary code via uploading a crafted PHP file. | |||||
| CVE-2023-37677 | 1 Pligg | 1 Pligg Cms | 2024-11-21 | N/A | 9.8 CRITICAL |
| Pligg CMS v2.0.2 (also known as Kliqqi) was discovered to contain a remote code execution (RCE) vulnerability in the component admin_editor.php. | |||||
| CVE-2023-37656 | 1 Websiteguide Project | 1 Websiteguide | 2024-11-21 | N/A | 9.8 CRITICAL |
| WebsiteGuide v0.2 is vulnerable to Remote Command Execution (RCE) via image upload. | |||||
| CVE-2023-37629 | 1 Simple Online Piggery Management System Project | 1 Simple Online Piggery Management System | 2024-11-21 | N/A | 9.8 CRITICAL |
| Online Piggery Management System 1.0 is vulnerable to File Upload. An unauthenticated user can upload a php file by sending a POST request to "add-pig.php." | |||||
| CVE-2023-37502 | 1 Hcltech | 1 Hcl Compass | 2024-11-21 | N/A | 9.0 CRITICAL |
| HCL Compass is vulnerable to lack of file upload security. An attacker could upload files containing active code that can be executed by the server or by a user's web browser. | |||||
| CVE-2023-37289 | 1 Infodoc | 1 Document On-line Submission And Approval System | 2024-11-21 | N/A | 9.8 CRITICAL |
| It is identified a vulnerability of Unrestricted Upload of File with Dangerous Type in the file uploading function in InfoDoc Document On-line Submission and Approval System, which allows an unauthenticated remote attacker can exploit this vulnerability without logging system to upload and run arbitrary executable files to perform arbitrary system commands or disrupt service. This issue affects Document On-line Submission and Approval System: 22547, 22567. | |||||
| CVE-2023-37208 | 2 Debian, Mozilla | 4 Debian Linux, Firefox, Firefox Esr and 1 more | 2024-11-21 | N/A | 7.8 HIGH |
| When opening Diagcab files, Firefox did not warn the user that these files may contain malicious code. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13. | |||||